Can my phone be hacked while charging? | Juice Jacking

Can my phone be hacked while charging? | Juice Jacking

Charging smartphones at public USB charging stations in places like airports, hotels or the mall may leave travelers at risk for juice jacking.

Juice Jacking

Many of us are so attached to our smartphones, it seems at times like they are part of us. When your smartphone flashes the low battery warning, the quest to find a place to charge up begins. If you’re on the go, finding a public USB charging port may seem like the answer to all your prayers. However, using these charging ports without adequately protecting your devices may leave your personal data at risk from juice jacking.

 

Seeing your smartphone give the dreaded low battery warning may lead you to make a risky privacy decision.

What is juice jacking?

Juice jacking occurs when cyber criminals hijack USB charging stations. These charging points are altered so that when a device is plugged into the USB port via a USB charging cable, malware is sent to device and/or personal data is stolen (such as personal files, photos, or passwords). This cyber security threat can compromise mobile devices while charging. Hackers ‘jack’ data from devices as they are ‘juicing up’, hence the term, juice jacking.

A brief history of juice jacking

According to Security Intelligence, the concept was first identified as a public threat in 2011 at the DefCon conference. As part of the event, an experiment was performed to assess the feasibility of this as a cyber security threat. There was a kiosk that allowed people to charge their phones for free, however, when people plugged in their phones a warning popped up on their screen. This highlighted how inconspicuous this threat might be to unsuspecting individuals looking to charge up their devices. Since 2011, security researchers have been investigating juice jacking, and have found viable proof-of-concept examples. Some of these proof-of-concept examples have shown that passwords can be stolen from devices, or that malware can be loaded onto your phone while charging.

Some public institutions have chosen to issue warnings about juice jacking – including the FBI, the LA County District Attorney’s Office and the Better Business Bureau. These warnings have advised travelers to take caution when plugging into public USB ports and have offered advice for protecting one’s devices from the threat of juice jacking.

However, there is some criticism over these warnings. Tech Crunch has reported on the disparity between the threat warnings and actual evidence of juice jacking attacks. Additionally, many smartphones may prompt users to select if they would like to transfer data when they are plugged into a USB port. Security researchers have responded to the criticism highlighting the proof-of-concept experiments that have been done showing that the possibility of juice jacking does exist, even if the rate of actual juice jacking incidences is unknown. Despite the uncertainty to the level of threat posed by juice jacking, taking precautions against this threat follows the logic that it is better to be safe than sorry, especially where personal data privacy is concerned. Luckily, protecting one’s devices is relatively easy!

How can I protect myself from juice jacking?

There are a number of ways to protect one’s device from juice jacking, namely:

  • Using a charge only/data blocking USB cable
  • Using a USB condom/USB data blocker
  • Charging up with a power bank
  • Avoiding USB ports and using an AC power outlet instead

JuiceBack Data Blocking Cable
A charge only USB cable is a new option for preventing juice jacking. Essentially, this cable eliminates the option of data transfer when you plug in your phone. Instead, it only allows charge to flow between the smartphone and the charging point, and, consequently, prevents data from being transferred. Check out Spy-Fy’s JuiceBack Data Blocking Cable (Fun fact: this product was named the JuiceBack because it was specifically designed to protect mobile devices from juice jacking).

USB Data Blocker
A USB condom refers to a connector that you can add to the end of your charging cable that turns your cable into a data blocking cable. The cheeky name refers to the idea that adding the USB data blocker to a regular charging cable will allow devices to charge protected. This is a handy and simple gadget that can be used when charging devices in public USB charging stations. Check out Spy-Fy’s USB Data Blocker.

Power Bank
Charging up with a power bank is another easy way to avoid juice jacking. The only downside is that this requires more foresight than sticking a data blocking cable or USB condom into one’s backpack as one has to charge up their power bank first. Additionally, air travel has limitations on the use of power banks and where they can be stored.

Avoidance of USB ports
One last solution is avoiding using public USB ports altogether, however this isn’t a very practical solution. This could be done by charging using wall outlets instead. However, this is a less convenient option, especially for international travelers who could use USB ports in public places like the airport or hotel, instead of carrying around an adapter to plug in the base of their phone charger.

All four options can provide travelers the means to protect their devices while charging from juice jackers. Although the scope of this threat remains unclear, the proof-of-concept examples from security researchers and warnings issued by public institutions like the FBI support the notion that juice jacking is a real possibility. Staying privacy aware and proactive in taking measures against the possibility of juice jacking may protect your data from being stolen from your devices while charging.

Sources: 

Forbes “Why You Should Never Use Airport USB Charging Stations”

Security Intelligence

Tech Crunch

Volgende lezen

Is TikTok safe?
5 Things You Can Do to Protect your Digital Privacy